4 Answers
4

Please note: Any method which involves putting your login password in plain text, in a command or in a file, is insecure and should NOT be used!

The correct way to do it to setup sudo such that only the one specific command you need, i.e. echo date... > rtc..., is allowed to run WITHOUT needing the password.

Step 1. Create a shell script with just that command

Open up gedit (or your favorite editor), and create the script e.g. pydatertc.sh

Insert only this line, and save it to, e.g. your home directory:

echo date \'+%s\' -d \'+ 24 hours\' > /sys/class/rtc/rtc0/wakealarm

Quit the editor, and from the terminal, make the script executable and change its ownership to root, otherwise another user with access to your system could possibly edit it and execute whatever commands they want as root without needing your password:

Step 2. Set up sudo to allow pydatertc.sh to execute without requiring a password

Type sudo visudo at the terminal to open the sudo permissions (sudoers) file

Around line 25, you'll see this line: %sudo ALL=(ALL:ALL) ALL

Below that line, insert the following line, where username is your username:

username ALL=(ALL) NOPASSWD: /home/username/pydatertc.sh

Exit the editor (Ctrl+X if nano)

Step 3. Modify your python script to call pydatertc.sh

Change the line to:

os.system('sudo /home/username/pydatertc.sh')

Now your script should run without requiring a password AND without compromising the security of your account, your data or your system!

Alternative only for wakealarm (not for general use!):

In this specific case only, since the /sys/class/rtc/rtc0/wakealarm file only controls the wake-up alarm for the system and is otherwise harmless, another alternative to avoid the password is either to take ownership of that file with chown (if you are the only user setting the alarm), or make it world-writeable with chmod +666; in that case, simply remove the sudo from your Python call, leaving sh -c "...." intact.

@m-ric Did you read the command above these lines? "otherwise another user with access to your system could possibly edit it and execute whatever commands they want as root without needing your password"
–
Tobias KienzlerNov 18 '13 at 13:12

Putting your login password in plain text, in a command or file, is extremely insecure and can compromise your private data and your system. It is highly recommended never to do this even if you think your system is "personal" or in a "safe location"!

If the script is only for personal use and you have placed it in a safe place and you are not afraid of your account being stolen and such, then here's a simple solution:

@Viswa, Please note that, this is very very dangerous to reveal password in plain text. You are highly advised ,not to do that
–
Anwar ShahJun 25 '12 at 15:04

2

thanks, But now i knew how to run the sudo command without asking password. At the same time i understood the problems with reveal password.
–
ViswaJun 26 '12 at 3:57

3

Hah! I had 6 upvotes and 4 downvotes on my answer :) But why guys, wasn't I clear 'Personal use', 'safe place' etc? There isn't a security issue unless you give this file out and you have an ssh server running! Where do you see the security issue provided that the script is for personal use and in safe place?
–
hakermaniaJun 26 '12 at 10:32

3

Downvoted, this is the Road to the dark side, and not needed with the sudo method.
–
FloydJul 28 '12 at 6:11

4

Ok, just tell me, even if the hacker has logged in as simple user to your account, how the heck will he find the script with your password under /usr/share/help/lv/ubuntu-help ??
–
hakermaniaJul 28 '12 at 8:45

If you don't mind the script running at a specific time on the hour (or during the day), put it inside root's home directory (/root), and run the script from the system crontab (/etc/crontab) as root. Then you won't have to compromise your security.

You might probably want to use anacron if that is a desktop/laptop which don't run 24x7
–
balkiJun 25 '12 at 15:23

This is a useful answer, for example if you are writing the script to check for updates, do something with that information, and email the administrator about updates needed. Personally, many of my scripts are used for server automation, so just using sudo crontab -e is what I would tend to do. +1
–
RabOct 17 '14 at 23:50

Another related nice feature of sudo which hasn't been mentioned in the excellent answers above is the 'timestamp_timeout' variable. It is a sudo variable which you may increase to save on interactive password typing.

Example, in /etc/sudoers (or one of the files included from it) you may modify the default:

# only require a password once every 60 minutes
Defaults timestamp_timeout=60

Full description from 'man sudoers':

timestamp_timeout

Number of minutes that can elapse before sudo will ask for
a passwd again. The default is 5, set this to 0 to always
prompt for a password.

Of course, this cannot help in the specific case of running the command from cron.
But it is a good thing to be aware of.